Archive for the ‘Twitter worm’ Tag

I originally wrote this piece as a guest post for An Information Security Place. However, I wanted to re-post at WiFiJedi.com FRIDAY 4/17 Update: Apparently the behavior described below is tied to a buggy Pidgin plugin. I haven’t been able to confirm that 100%, but thought I should deliver the latest & greatest…

—————————————————————————————–

As most of you know, Twitter was hit with a series of worms this past weekend. They were created by 17 year old, Mikey Mooney, creator of the website StalkDaily.com (don’t visit the site). The original worm seemed fairly innocuous, with messages that were created to drive traffic to the StalkDaily website.

After Twitter patched the original cross site scripting (XSS) flaw, which exploited the “link” field in a user profile, another variant of the worm appeared. This time, the worm exploited the “color” setting of the user profile. Modifying the worm highlighted that the XSS vulnerability was not limited to a single field and that Twitter would have to institute a comprehensive patch, not a band-aid solution.

The variant of the worm automatically generated tweets with the term “mikeyy”. These were sarcasitic in nature and seemed to be tounge-in-cheek. Examples include:

Mikeyy I am done…

Mikeyy is done…

Twitter please fix this, regards Mikeyy

The general consensus today is that the “StalkDaily” and “Mikeyy” worms have been adequately addressed. However, I am not fully convinced. Four days after the original worm, I am still seeing suspicious behavior. A colleague of mine has a Twitter account that automatically started generating tweets saying “I am not here right now.”

Using a third party iPhone application, TweetStack, I am conducting periodic searches on the string “I am not here right now.” I found that this is not nearly as wide spread as the “StalkDaily” Twitter worm, but has affected at least a couple dozen accounts.

While this could be yet another variant of worm created by Mikey Mooney, my suspicion is that this is a copycat worm created by another party (most likely a Scriptkiddie).

Are YOU still seeing anomalous behavior on Twitter? I would love to hear about it! Please comment below as well as notify the Internet Storm Center if you see anything noteworthy.

I have started blogging for Computerworld. I am serving up content for their Mobile & Wireless space.

I wrote a post over the weekend detailing two variants of a Twitter worm – one advertising StalkDaily.com (don’t visit the site) and another highlighting the 17 year old behind the website who goes by the name of “mikeyy”.

My post details how the worm spreads, as well as provides specific security recommendations. You can read the post in its entirety at: